Curve Finance Resolves Front-End Exploit After $570K Stolen

Curve Finance was the victim of a front-end exploit caused by a DNS issue. It has since resolved the exploit, and FixedFloat has frozen 112 Ethereum worth of stolen funds.

The Curve team believed a glitch led to the site’s nameserver being compromised. This was later confirmed, and in the interim, the team asked users to revoke any approved contacts.

Curve fixes the issue within hours

Curve Finance announced a few hours ago that updates had been sent out, and the platform was safe to use again. The team had pinpointed the issue fairly soon after it was discovered, asking users to use curve.exchange instead of curve.fi

As for how the exploit was present in the first place, the team said that they did not know and that it was iwantmyname that likely got hacked in the first place.

An analysis of the exploit shows that whenever a transaction was approved to spend any asset, it could manually drain the funds into a malicious externally owned account (EOA) instead.

About $570,000 had been stolen. Others have also acted quickly on the matter, ensuring that the damage was limited to the initial thefts. FixedFloat froze 112 ETH of the stolen funds.

There have been several attacks on the DeFi market this year, and it is clear that attackers will use whatever means possible to exploit the most popular platforms. Bridge attacks, in particular, have become popular among attackers, and several of these have taken place in 2022.

The Ronin Bridge attack earlier this year saw over $620 million stolen, and the service only just relaunched, with the Axie Infinity developer having to reimburse victims. Most recently, the Nomad Bridge experienced an attack where hackers made away with nearly $200 million.

Most of these attacks have been because of centralization issues, according to a Certik report. While hacks can have a huge impact on projects and their reputation, it’s not always the case that they are rendered a failure forever. Many DeFi projects have successfully returned following an exploit or hack.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Source: https://beincrypto.com/curve-finance-resolves-front-end-exploit-after-570k-stolen/